Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-dxv7-9y1b-pff7
Vulnerability ID VCID-dxv7-9y1b-pff7
Aliases CVE-2011-5035
Summary Multiple vulnerabilities have been found in the IcedTea JDK, the worst of which could lead to arbitrary code execution.
Status Published
Exploitability 2.0
Weighted Severity 0.5
Risk 1.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.58626 https://api.first.org/data/v1/epss?cve=CVE-2011-5035
epss 0.58626 https://api.first.org/data/v1/epss?cve=CVE-2011-5035
epss 0.58626 https://api.first.org/data/v1/epss?cve=CVE-2011-5035
epss 0.58626 https://api.first.org/data/v1/epss?cve=CVE-2011-5035
epss 0.58626 https://api.first.org/data/v1/epss?cve=CVE-2011-5035
epss 0.58626 https://api.first.org/data/v1/epss?cve=CVE-2011-5035
epss 0.58626 https://api.first.org/data/v1/epss?cve=CVE-2011-5035
epss 0.58626 https://api.first.org/data/v1/epss?cve=CVE-2011-5035
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5035.json
https://api.first.org/data/v1/epss?cve=CVE-2011-5035
771283 https://bugzilla.redhat.com/show_bug.cgi?id=771283
GLSA-201401-30 https://security.gentoo.org/glsa/201401-30
GLSA-201406-32 https://security.gentoo.org/glsa/201406-32
RHSA-2012:0135 https://access.redhat.com/errata/RHSA-2012:0135
RHSA-2012:0139 https://access.redhat.com/errata/RHSA-2012:0139
RHSA-2012:0322 https://access.redhat.com/errata/RHSA-2012:0322
RHSA-2012:0514 https://access.redhat.com/errata/RHSA-2012:0514
RHSA-2013:1455 https://access.redhat.com/errata/RHSA-2013:1455
USN-1373-1 https://usn.ubuntu.com/1373-1/
USN-1373-2 https://usn.ubuntu.com/1373-2/
Data source Exploit-DB
Date added July 14, 2006
Description MyBulletinBoard (MyBB) 1.1.5 - 'CLIENT-IP' SQL Injection
Ransomware campaign use Known
Source publication date July 15, 2006
Exploit type webapps
Platform php
Source update date Nov. 9, 2016
Data source Metasploit
Description This module uses a denial-of-service (DoS) condition appearing in a variety of programming languages. This vulnerability occurs when storing multiple values in a hash table and all values have the same hash value. This can cause a web server parsing the POST parameters issued with a request into a hash table to consume hours of CPU with a single HTTP request. Currently, only the hash functions for PHP and Java are implemented. This module was tested with PHP + httpd, Tomcat, Glassfish and Geronimo. It also generates a random payload to bypass some IDS signatures.
Note 
Stability:
  - crash-service-down
SideEffects: []
Reliability: []
Ransomware campaign use Unknown
Source publication date Dec. 28, 2011
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/dos/http/hashcollision_dos.rb
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.98196
EPSS Score 0.58626
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:10:10.206991+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/201406-32 38.0.0